Arm Releases New Security Certifications for IoT Devices

The new multilevel hardware-based security certification for IoT devices is called PSA Certified.﻿

Following the recent announcement of their Neoverse E1 and N1 platforms, Arm has released a new multi level hardware-based security certification for IoT devices. IoT security has been making headlines for all the wrong reasons as manufacturers continue to produce devices with gaping vulnerabilities. Cyberattacks using IoT device powered botnets are more and more common.

Kapersky Labs says that device-targeted malware attacks increased over 300% in 2018, causing monetary damage in the trillions. Arm’s goal is to give developers simple frameworks and resources that will encourage safer device development. Back in 2017, they introduced Platform Secure Architecture, and now they are launching PSA Certified, a brand-new certification layer for IoT devices.

Its goal is to simplify the security process and provide developers with an independent authority to validate their apps. Brightsight, CAICT, Prove & Run, Riscure, and UL have partnered with Arm to establish testing protocols.

“PSA gave
the industry a framework for standardizing the design of secure IoT devices,
and PSA Certified brings together the leading global independent security
testing labs to evaluate the implementation of these principles,” said Paul
Williamson, vice president and general manager, Emerging Businesses Group, Arm.
“This will enable trust in individual devices, in their data, and in the
deployment of these devices at scale in IoT services, as we drive towards a
world of a trillion connected devices.”

PSA Certified is made up of two elements, an API test suite and a multi-level security strength scheme. The testing is a third-party lab-based evaluation that independently checks parts of an IoT platform including the real-time OS, the device itself and the PSA Root of Trust (the integrity and confidentiality source).

There are three levels of security assurance that are assigned via analysis of threat vectors. After the testing, PSA Certified devices will receive electronically signed report cards to determine which level of security should be assigned, assisting businesses in their decision making and risk management.